HHS’s reported AI uses soar, including pilots to address staff ‘shortage’
HHS reported a 65% increase in AI use cases in 2025, including pilots specifically designed to address staffing shortages following significant workforce reductions. The agency is deploying AI tools like ChatGPT and Copilot for legal investigations and public correspondence, indicating a strategic s
Cabrillo Club
Editorial Team · February 19, 2026
Also in this intelligence package
Action Kit: HHS AI Adoption & Workforce Transformation
Event Type: Policy Change
Severity: MEDIUM
Affected Agencies: HHS, FDA, CDC, CMS, NIH
Key Contract Vehicles: OASIS+, Alliant 3, CIO-SP4, 8(a) STARS III, HCaTS
---
Immediate Actions (This Week)
- [ ] Audit your active HHS proposals and contracts for language positioning traditional staffing models vs. AI-augmented delivery approaches. Flag any SOWs that emphasize FTE counts rather than outcomes.
- [ ] Review your capability statements for HHS-relevant NAICS codes (541512, 541511, 541519, 541611, 541990, 561110, 561320, 541690) to ensure they highlight AI/ML integration, automation capabilities, and hybrid human-AI workflows.
- [ ] Identify current HHS contracts in your pipeline where staffing shortages or administrative burden are pain points (legal support, correspondence management, document processing, customer service) and prepare value-add proposals for AI-enabled solutions.
- [ ] Check FedRAMP (Federal Risk and Authorization Management Program) authorization status of any AI tools or platforms your team currently uses or plans to propose. HHS will require FedRAMP Moderate or High for AI systems processing sensitive data.
- [ ] Scan SAM.gov (System for Award Management) for recent HHS solicitations mentioning "artificial intelligence," "machine learning," "automation," or "workforce optimization" to identify early-stage opportunities aligned with this trend.
Short-Term Actions (30 Days)
- [ ] Develop AI-augmented service offerings specifically for HHS pain points identified in the reporting: legal investigations support, public correspondence management, and administrative workflow automation. Ensure all solutions address HIPAA, FISMA, and NIST 800-53 requirements from day one.
- ] **Create a compliance matrix template** for AI-enabled services that maps to HHS-specific requirements: FedRAMP authorization, HIPAA safeguards, FISMA controls, ATO documentation, and NIST AI Risk Management Framework alignment. Reference the [Secure Operations Guide (/insights/secure-operations-guide) for baseline security posture requirements.
- [ ] Engage your HHS agency contacts (program offices at FDA, CDC, CMS, NIH) to understand their specific AI pilot initiatives and staffing challenges. Position your firm as a partner for responsible AI implementation rather than traditional body shop services.
- [ ] Update your past performance narratives to emphasize outcomes achieved through technology enablement, efficiency gains, and reduced labor dependency. Quantify cost savings and performance improvements from automation where possible.
- [ ] Prepare teaming partner outreach to firms with FedRAMP-authorized AI platforms, HIPAA compliance expertise, or specialized HHS domain knowledge. Focus on partnerships that strengthen your AI delivery credibility without requiring you to build platforms from scratch.
- ] **Review your CRM and opportunity tracking systems** for CUI (Controlled Unclassified Information)-safe handling of HHS-related intelligence. Ensure your systems meet the requirements outlined in the [CUI-Safe CRM Guide (/insights/cui-safe-crm-guide) before storing sensitive agency information.
Long-Term Actions (90+ Days)
- [ ] Invest in FedRAMP authorization for any proprietary AI tools or platforms you plan to offer HHS agencies. Budget 12-18 months and $250K-$1M+ depending on impact level. Alternatively, establish partnerships with FedRAMP-authorized AI platform providers.
- [ ] Develop HHS-specific AI use case portfolio demonstrating responsible AI implementation: bias testing, explainability documentation, human-in-the-loop workflows, and privacy-preserving techniques. Build case studies from pilot projects or internal implementations.
- [ ] Pursue relevant certifications and frameworks: NIST AI Risk Management Framework adoption, ISO/IEC 42001 (AI Management System), and HITRUST for HIPAA environments. These will differentiate your firm as HHS scales AI procurement.
- [ ] Establish an AI ethics and governance practice aligned with federal AI guidelines (OMB M-24-10, Executive Order 14110). HHS will increasingly require contractors to demonstrate responsible AI practices, algorithmic accountability, and bias mitigation.
- [ ] Monitor HHS IDIQ (Indefinite Delivery/Indefinite Quantity) recompetes and new contract vehicles (HCaTS refresh, CIO-SP4 task orders) for AI-specific evaluation criteria, technical capability requirements, and past performance expectations. Position your firm 18-24 months ahead of major recompetes.
- [ ] Build strategic relationships with HHS AI governance offices and the HHS Chief AI Officer organization. Understand their AI adoption roadmap, priority use cases, and procurement strategy to align your capture efforts.
Compliance Checklist
This event signals increased scrutiny on AI systems handling federal data. Ensure your AI-enabled offerings meet these requirements:
- [ ] FedRAMP Authorization (Moderate or High) for any AI platform processing HHS data, including SaaS AI tools like ChatGPT Enterprise or Copilot if proposed
- [ ] NIST 800-53 controls implemented and documented, with particular attention to AC (Access Control), AU (Audit), SC (System and Communications Protection), and SI (System and Information Integrity) families
- [ ] FISMA compliance including continuous monitoring, annual assessments, and Plan of Action & Milestones (POA&M) for any identified weaknesses
- [ ] HIPAA safeguards (Administrative, Physical, Technical) if AI systems access Protected Health Information (PHI), including Business Associate Agreements (BAAs) and breach notification procedures
- [ ] Authority to Operate (ATO) from HHS or component agency before deploying AI systems in production environments
- [ ] AI-specific risk assessments addressing bias, explainability, privacy, security, and safety per NIST AI Risk Management Framework
- [ ] Data minimization and purpose limitation controls ensuring AI systems only access data necessary for authorized use cases
- [ ] Human oversight mechanisms for AI-generated decisions affecting individuals, particularly in legal investigations and public-facing correspondence
- [ ] Algorithmic transparency documentation explaining how AI models make decisions, training data sources, and performance metrics
- [ ] Incident response procedures specific to AI system failures, including model drift detection, adversarial attack response, and data poisoning mitigation
For comprehensive guidance on securing AI-enabled operations in federal environments, review the CMMC (Cybersecurity Maturity Model Certification) Compliance Guide (/insights/cmmc-compliance-guide) for defense-in-depth strategies applicable to civilian agencies.
Resources
- HHS Artificial Intelligence Strategy (https://www.hhs.gov/about/agencies/asa/ocio/ai/index.html) — Official HHS AI adoption framework and governance approach
- OMB Memorandum M-24-10: Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence (https://www.whitehouse.gov/omb/briefing-room/2024/03/28/omb-releases-implementation-guidance-following-president-bidens-executive-order-on-artificial-intelligence/) — Government-wide AI policy requirements
- NIST AI Risk Management Framework (https://www.nist.gov/itl/ai-risk-management-framework) — Voluntary framework for managing AI risks
- FedRAMP Marketplace (https://marketplace.fedramp.gov/) — Search for authorized AI/ML cloud services
- HHS OCIO Cloud and Data Center Optimization (https://www.hhs.gov/about/agencies/asa/ocio/cloud/index.html) — HHS-specific cloud and AI deployment guidance
- Executive Order 14110: Safe, Secure, and Trustworthy AI (https://www.whitehouse.gov/briefing-room/presidential-actions/2023/10/30/executive-order-on-the-safe-secure-and-trustworthy-development-and-use-of-artificial-intelligence/) — Federal AI safety and security requirements
How Cabrillo Club Automates This
Cabrillo Signals War Room already detected this HHS AI adoption trend and delivered this briefing within minutes of the reporting. The War Room continuously monitors policy announcements, agency strategic plans, budget justifications, and workforce developments across all federal agencies—so when HHS signals a major shift toward AI-enabled operations and away from traditional staffing models, you're alerted immediately with context about affected contract vehicles, NAICS codes, and market implications. You don't need to manually track dozens of agency websites, Federal Register notices, or trade publications.
Cabrillo Signals Match Engine automatically rescored your opportunity pipeline the moment this event was detected. Any open HHS opportunities in your tracker that emphasize traditional staffing augmentation (NAICS 561320, 561110) may have decreased match scores, while opportunities aligned with AI/ML services (541512, 541511), business process optimization (541611), or IT modernization (541519) received higher relevance scores. The Match Engine factors in this policy shift when calculating your probability of win and strategic fit, so your capture team focuses on opportunities where HHS's new priorities align with your capabilities.
Cabrillo Signals Intelligence Hub tracks all affected agencies (HHS, FDA, CDC, CMS, NIH), relevant contract vehicles (OASIS+, Alliant 3, CIO-SP4, 8(a) STARS III, HCaTS), and market segments (AI/ML, IT Services, BPO, Administrative Support). Use the saved search feature to configure alerts for new SAM.gov solicitations matching this event's profile—for example, HHS task orders under CIO-SP4 mentioning "artificial intelligence" or "workforce optimization" in NAICS 541512. The Intelligence Hub connects this policy development to actual procurement opportunities so you can act on the trend, not just read about it.
Proposal Studio (Proposal OS) helps you rapidly respond to HHS opportunities emphasizing AI-enabled solutions. When you're building a proposal for an HHS legal support or correspondence management requirement, Proposal OS pulls from your win theme library to emphasize automation, efficiency, and outcome-based delivery rather than FTE counts. The AI-powered compliance matrix generator automatically maps your AI solution architecture to FedRAMP, HIPAA, FISMA, and NIST 800-53 requirements—critical for HHS evaluations. The bid/no-bid decision engine now factors in HHS's strategic shift toward AI, flagging opportunities where traditional labor-heavy approaches may be less competitive.
Proposal Studio Workflow Tracker ensures your capture process adapts to this new HHS procurement landscape. When you advance an HHS AI-enabled opportunity through the 9-gate process, Workflow Tracker automatically routes compliance reviews to your security and legal teams to verify FedRAMP authorization status, HIPAA safeguards, and AI risk management documentation. The system generates audit-ready compliance packages demonstrating your AI governance practices—increasingly important as HHS evaluates contractors' responsible AI capabilities. Supplier certification tracking ensures any AI platform partners have current FedRAMP ATOs before you submit.
Ready to capitalize on HHS's AI transformation? Explore these features in your Cabrillo Club dashboard to identify AI-aligned opportunities, update your positioning, and accelerate compliant proposal development for this evolving market.
---
How ready are you for CMMC?
Take our free readiness assessment. 10 questions, instant results, no email required until you want your report.
Check Your CMMC ReadinessCabrillo Club
Editorial Team
Cabrillo Club helps government contractors win more contracts with AI-powered proposal automation and compliance solutions.